Chage script for Linux servers?

**pangea33** · Dec 20 '06, 06:25 AM

Re: Chage script for Linux servers?

Ivan Marsh wrote:

Hey folks,
>
I'm looking for a script that allows control of account expiration dates
using chage under Linux so non admins can control account expiration of
client accounts. Anyone ever written anything like that?

This is definitely not something you're capable of accomplishing simply
by using PHP. The PHP engine is running on the Linux box, so it's
limited by the security configuration of that server. Including the
security settings that keep non-admin users from modifying settings
only accessible by administrators. Sorry, man.

**Ivan Marsh** · Dec 20 '06, 03:25 PM

Re: Chage script for Linux servers?

On Tue, 19 Dec 2006 22:19:11 -0800, pangea33 wrote:

Ivan Marsh wrote:

>Hey folks,
>>
>I'm looking for a script that allows control of account expiration
>dates using chage under Linux so non admins can control account
>expiration of client accounts. Anyone ever written anything like that?

>
This is definitely not something you're capable of accomplishing simply
by using PHP. The PHP engine is running on the Linux box, so it's
limited by the security configuration of that server. Including the
security settings that keep non-admin users from modifying settings only
accessible by administrators. Sorry, man.

Are you suggesting it's not possible to shell out and run a sudo command
from a PHP script?

I have complete control over the server in question.

**Jerry Stuckle** · Dec 20 '06, 04:35 PM

Re: Chage script for Linux servers?

Ivan Marsh wrote:

On Tue, 19 Dec 2006 22:19:11 -0800, pangea33 wrote:
>
>

>>Ivan Marsh wrote:
>>

>>>Hey folks,
>>>
>>>I'm looking for a script that allows control of account expiration
>>>dates using chage under Linux so non admins can control account
>>>expiration of client accounts. Anyone ever written anything like that?

>>
>>This is definitely not something you're capable of accomplishing simply
>>by using PHP. The PHP engine is running on the Linux box, so it's
>>limited by the security configuration of that server. Including the
>>security settings that keep non-admin users from modifying settings only
>>accessible by administrators. Sorry, man.

>
>
Are you suggesting it's not possible to shell out and run a sudo command
from a PHP script?
>
I have complete control over the server in question.

You can, but you're creating a security whole in your server the size of
the Grand Canyon.

--
=============== ===
Remove the "x" from my email address
Jerry Stuckle
JDS Computer Training Corp.
jstucklex@attgl obal.net
=============== ===

**Ivan Marsh** · Dec 20 '06, 04:55 PM

Re: Chage script for Linux servers?

On Wed, 20 Dec 2006 11:33:14 -0500, Jerry Stuckle wrote:

Ivan Marsh wrote:

>On Tue, 19 Dec 2006 22:19:11 -0800, pangea33 wrote:
>>
>>

>>>Ivan Marsh wrote:
>>>
>>>>Hey folks,
>>>>
>>>>I'm looking for a script that allows control of account expiration
>>>>dates using chage under Linux so non admins can control account
>>>>expiratio n of client accounts. Anyone ever written anything like that?
>>>
>>>This is definitely not something you're capable of accomplishing simply
>>>by using PHP. The PHP engine is running on the Linux box, so it's
>>>limited by the security configuration of that server. Including the
>>>security settings that keep non-admin users from modifying settings only
>>>accessible by administrators. Sorry, man.

>>
>>
>Are you suggesting it's not possible to shell out and run a sudo command
>from a PHP script?
>>
>I have complete control over the server in question.

>
You can, but you're creating a security whole in your server the size of
the Grand Canyon.

Of that I have no doubt... but this isn't a public server so I only have
to worry about "internal" issues.

**pangea33** · Dec 22 '06, 10:05 PM

Re: Chage script for Linux servers?

Ivan Marsh wrote:

On Wed, 20 Dec 2006 11:33:14 -0500, Jerry Stuckle wrote:
>

Ivan Marsh wrote:

On Tue, 19 Dec 2006 22:19:11 -0800, pangea33 wrote:
>
>
>>Ivan Marsh wrote:
>>
>>>Hey folks,
>>>
>>>I'm looking for a script that allows control of account expiration
>>>dates using chage under Linux so non admins can control account
>>>expiration of client accounts. Anyone ever written anything like that?
>>
>>This is definitely not something you're capable of accomplishing simply
>>by using PHP. The PHP engine is running on the Linux box, so it's
>>limited by the security configuration of that server. Including the
>>security settings that keep non-admin users from modifying settings only
>>accessible by administrators. Sorry, man.
>
>
Are you suggesting it's not possible to shell out and run a sudo command
from a PHP script?
>
I have complete control over the server in question.

You can, but you're creating a security whole in your server the size of
the Grand Canyon.

>
Of that I have no doubt... but this isn't a public server so I only have
to worry about "internal" issues.

My response about an inability to do this was due to it being in a php
forum. If you've got full control over this server, why are you using
php? If it's because you're developing an Intranet, you can indeed use
sudo in the script, but will have to either use NOPASSWD or store the
unencrypted admin password in a text document that the webserver user
account can access and read.

Any thoughts about firing off a shell script cron task as root on the
server instead of allowing indiscriminate execution by users?

**Ivan Marsh** · Dec 26 '06, 04:15 PM

Re: Chage script for Linux servers?

On Fri, 22 Dec 2006 14:03:35 -0800, pangea33 wrote:

Ivan Marsh wrote:

>On Wed, 20 Dec 2006 11:33:14 -0500, Jerry Stuckle wrote:
>>

Ivan Marsh wrote:
>On Tue, 19 Dec 2006 22:19:11 -0800, pangea33 wrote:
>>
>>
>>>Ivan Marsh wrote:
>>>
>>>>Hey folks,
>>>>
>>>>I'm looking for a script that allows control of account expiration
>>>>dates using chage under Linux so non admins can control account
>>>>expiratio n of client accounts. Anyone ever written anything like that?
>>>
>>>This is definitely not something you're capable of accomplishing simply
>>>by using PHP. The PHP engine is running on the Linux box, so it's
>>>limited by the security configuration of that server. Including the
>>>security settings that keep non-admin users from modifying settings only
>>>accessible by administrators. Sorry, man.
>>
>>
>Are you suggesting it's not possible to shell out and run a sudo command
>from a PHP script?
>>
>I have complete control over the server in question.
>
You can, but you're creating a security whole in your server the size of
the Grand Canyon.

>>
>Of that I have no doubt... but this isn't a public server so I only have
>to worry about "internal" issues.

>
My response about an inability to do this was due to it being in a php
forum. If you've got full control over this server, why are you using
php? If it's because you're developing an Intranet, you can indeed use
sudo in the script, but will have to either use NOPASSWD or store the
unencrypted admin password in a text document that the webserver user
account can access and read.
>
Any thoughts about firing off a shell script cron task as root on the
server instead of allowing indiscriminate execution by users?

"Indiscrimi nate execution by users" is, unfortunately the access I've been
asked to provide.

What the script will ultimately be doing is giving a select group of
internal users the ability to check and reset the password expiration
dates of a white-list of external client users.

Chage script for Linux servers?

Chage script for Linux servers?

Comment

Comment

Comment

Comment

Comment

Comment